A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Enhancing composite digital documents using XML-based standoff markup
Proceedings of the 2005 ACM symposium on Document engineering
Modelling composite document behaviour with concurrent hierarchical state machines
Proceedings of the 9th ACM symposium on Document engineering
A REST protocol and composite format for interactive web documents
Proceedings of the 9th ACM symposium on Document engineering
APEX: automated policy enforcement eXchange
Proceedings of the 10th ACM symposium on Document engineering
Publicly posted composite documents with identity based encryption
Proceedings of the 11th ACM symposium on Document engineering
Proceedings of the 11th ACM symposium on Document engineering
Access control requirements for structured document in cloud computing
International Journal of Grid and Utility Computing
Hi-index | 0.00 |
A novel mechanism for providing and enforcing differential access control for publicly-posted composite documents is proposed. The concept of a document is rapidly changing: individual file-based, traditional formats can no longer accommodate the required mixture of differently formatted parts: individual images, video/audio clips, PowerPoint presentations, html-pages, Word documents, Excel spreadsheets, pdf files, etc. Multi-part composite documents are created and managed in complex workflows, with participants including external consultants, partners and customers distributed across the globe, with many no longer contained within one monolithic secure environment. Distributed over non-secure channels, these documents carry different types of sensitive information: examples include (a) an enterprise pricing strategy for new products, (b) employees' personal records, (c) government intelligence, and (d) individual medical records. A central server solution is often hard or impossible to create and maintain for ad-hoc workflows. Thus, the documents are often circulated between workflow participants over traditional, low security e-mails, placed on shared drives, or exchanged using CD/DVD or USB. The situation is more complicated when multiple workflow participants need to contribute to various parts of such a document with different access levels: for example, full editing rights, read-only, reading of some parts only, etc., for different users. We propose a full scale differential access control approach, enabling public posting of composite documents, to address these concerns.